Updating The Code Of Conduct With A Chapter On Practical GRC Issues
Post financial crisis, Governance, Risk Management and
Compliance (GRC) enforcement is gathering momentum and the dynamic GRC components
have a growing interest all over the world. Establishment of global GRC
compliance programs is critical to prevent violations, even though companies
do not get credit for the quality of the GRC program from the oversight
authorities.
Given the size of the financial meltdown
of 2008 relatively little has changed in the content of the code of conduct.
The result of the crisis was some rather severe 'injury' to the staff
and the balance sheet of the company. Many reports claim that the crisis
and the meltdown was a result of cultural abuse and misconduct at the
root-cause of the crisis. We must all do everything possible to avoid
that the global financial structure, represented by all corporates and
financial institutions, does not fall apart again. Let's start from the
beginning with a revised the code of conduct for all employees.
Inclusion of GRC in the Code of Conduct booklet
The rewards of an effective and respectable GRC compliance program come
from the investors and other stakeholders. To ensure that the GRC compliance
program is effective, it should be targeted to those kinds of risks that
trigger the specific activities of the company, as well as the activities
of employees the company. That is the primary reason, why the GRC codes
must be included in the Code of Conduct.
However, before the HR or marketing department place the glossy words
in the Code of Conduct, it is important to address a few questions that
relate to GRC inclusion in the Code of Conduct booklet.
Depending on the nature, he size and risk maturity level, the first step
is to explain the nature and exposure to the business;
- Have you performed or participated in a GRC risk assessment lately?
- Does the business process in each location, involve manufacturing
and selling directly or thru distributors, other manufacturers, or
consumers?
The result of the above two questions poses a different kind of GRC risks
and decides the focus and concentration of the next assessment in the
codex.
- The product and the market; What type of competition and or domination
exists.
- Attributes of the product and the impact on the geographic market
- Loyalty to product, industry and trade issues
The consolidated response to above five questions can be both informative
and determine the emphasis of the GRC program in the Code of Conduct booklet.
Good faith & adequate procedures
The next step is to determine the value of the GRC components of the compliance
program.
Effective GRC compliance programs start at the top, and the program should
encourage employees to report wrongdoing. Because failure to implement
an effective compliance program will now likely result in a trial and/or
imprisonment of a the officers involved in the case of severe negligence.
The primary purpose of implementing a GRC program is that it is a part
of a company's due diligence to prevent and detect GRC violations. The
secondary purpose is to show the company is in good faith as all as all
adequate GRC procedures were implemented. The code of conduct with all
its components like monitoring, training, testing etc. can provide additional
documentation.
Proper procedures
The existence of a dependable and operative program is best judged by
management, board, and the auditors. A compliance program that is considered
reliable and effective is one that is customized, and the GRC officer
can demonstrate that it was reasonably designed, implemented and enforced.
The practical examples of the findings and tests can then find their way
to the Code of Conduct, depending on the level of transparency that exists
in the company.
Cultural abuse & misconduct as the cause
The editor of the code must also have access to relevant records and individuals
in order properly to assess the integrity of the company's GRC program
when examples are stated in the code of conduct.
Participate in the Indian HR Summit on the 26th June 2015 to learn more
on updating the Code og Conduct
http://copenhagencompliance.com/2015/indiahrsummit/